Red Hat Bugzilla – Bug 1274196
RFE: configure iptables rules on overcloud hosts
Last modified: 2016-12-14 10:16:44 EST
Description of problem:
We should configure iptables rules on ospd overcloud hosts .
upstream patch - https://review.openstack.org/#/c/191195/
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.run sudo iptables -S on controllers/computes/ceph
*** Bug 1284080 has been marked as a duplicate of this bug. ***
(In reply to Ofer Blaut from comment #0)
> Description of problem:
> We should configure iptables rules on ospd overcloud hosts .
Perhaps we should use iptables rules on OSPD overcloud hosts, but the stated reason for using iptables here is based on a faulty assumption.
The problem is that the system is accepting route advertisements from the router, and adding a route, even if there is no IP on the interface.
In order to turn this behavior on/off, you can edit /proc/sys/net/ipv6/conf/default/accept_ra to be "0" instead of "1".
You can also turn it on/off on a per-interface basis, e.g.:
echo "1" > /proc/sys/net/ipv6/conf/eth0/accept_ra
I would accept Dan Sneddon's suggestion as the fix here. This doesn't seem like we need to take on iptables config work. And, if we did, the specifications around what we need to solve are not presented here.
I would suggest we open a new BZ to solve for the route advertisement problem specifically.
This bug did not make the OSP 8.0 release. It is being deferred to OSP 10.
Ofer, yes, we're still working on it. I did initial work last year and now Ben is working on enabling the feature by default. I updated the list of patches that we need to make this feature really working.
note the fix for the overcloud is in tripleo-heat-templates, not instack-undercloud
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.